1 00:00:00,280 --> 00:00:02,580 ‫So let's talk about SAM policy templates 2 00:00:02,580 --> 00:00:05,350 ‫or serverless model policy templates 3 00:00:05,350 --> 00:00:07,430 ‫because they can come up in the exam as well. 4 00:00:07,430 --> 00:00:11,780 ‫So it's a list of templates that you can apply permissions 5 00:00:11,780 --> 00:00:13,570 ‫to your Lambda functions. 6 00:00:13,570 --> 00:00:15,200 ‫And so, they're very simple templates 7 00:00:15,200 --> 00:00:17,720 ‫and they allow you to reason much easily about 8 00:00:17,720 --> 00:00:19,160 ‫what your Lambda function can do 9 00:00:19,160 --> 00:00:22,320 ‫based on these templates that regroup a set of permissions. 10 00:00:22,320 --> 00:00:24,900 ‫There's a full list of all the SAM policy templates 11 00:00:24,900 --> 00:00:26,660 ‫that are available at this link 12 00:00:26,660 --> 00:00:27,781 ‫and there's a lot of them, 13 00:00:27,781 --> 00:00:30,693 ‫but I wanna walk you through three important examples. 14 00:00:30,693 --> 00:00:33,310 ‫Overall, it's pretty self explicit about what they do 15 00:00:33,310 --> 00:00:34,630 ‫once you see them once. 16 00:00:34,630 --> 00:00:37,701 ‫So for example, if we have S3ReadPolicy, 17 00:00:37,701 --> 00:00:41,510 ‫this is a policy template that gives read only permissions 18 00:00:41,510 --> 00:00:42,920 ‫to objects in S3. 19 00:00:42,920 --> 00:00:43,753 ‫That makes sense, right? 20 00:00:43,753 --> 00:00:48,533 ‫SQLPollerPolicy allows your Lambda function 21 00:00:48,533 --> 00:00:51,470 ‫to poll an SQS queue. 22 00:00:51,470 --> 00:00:55,216 ‫And DynamoDBCrud, C-R-U-D, Policy. 23 00:00:55,216 --> 00:00:59,200 ‫C-R-U-D in this case means create read update delete. 24 00:00:59,200 --> 00:01:00,710 ‫So that means that you are able, 25 00:01:00,710 --> 00:01:01,600 ‫from your Lambda function, 26 00:01:01,600 --> 00:01:05,630 ‫to do create, update, delete, and read operations 27 00:01:05,630 --> 00:01:07,352 ‫to your DynamoDB table. 28 00:01:07,352 --> 00:01:09,330 ‫Overall, it's pretty self explicit, 29 00:01:09,330 --> 00:01:10,850 ‫but once you see how it's defined 30 00:01:10,850 --> 00:01:11,683 ‫it makes a lot of sense. 31 00:01:11,683 --> 00:01:14,660 ‫So for example, say we define a function. 32 00:01:14,660 --> 00:01:16,330 ‫It's running Python 2.7 33 00:01:16,330 --> 00:01:19,340 ‫and we want to be able to read from SQS. 34 00:01:19,340 --> 00:01:22,090 ‫In this case, instead of attaching an I-A-M role 35 00:01:22,090 --> 00:01:25,060 ‫what we do is that we create a SQS. 36 00:01:25,060 --> 00:01:28,050 ‫We call the policy SQSPollerPolicies 37 00:01:28,050 --> 00:01:30,570 ‫in this little orange box right here 38 00:01:30,570 --> 00:01:33,950 ‫and say okay we wanna be able to poll this queue name 39 00:01:33,950 --> 00:01:37,390 ‫and automatically when the SAM policy template 40 00:01:37,390 --> 00:01:39,573 ‫has been transformed by the SAM framework, 41 00:01:39,573 --> 00:01:42,980 ‫it will become IAM policy attached to our Lambda function. 42 00:01:42,980 --> 00:01:45,170 ‫The idea with the SAM policy templates is that 43 00:01:45,170 --> 00:01:46,861 ‫it becomes much easier to write 44 00:01:46,861 --> 00:01:48,720 ‫what your function should do 45 00:01:48,720 --> 00:01:51,032 ‫and prevents you from worrying too much 46 00:01:51,032 --> 00:01:54,893 ‫about how you should provide, er provision, your IAM roles. 47 00:01:54,893 --> 00:01:56,180 ‫Okay, so that's it. 48 00:01:56,180 --> 00:01:57,661 ‫All you should know for SAM policy templates. 49 00:01:57,661 --> 00:02:00,520 ‫Make sure you just see once how they look like 50 00:02:00,520 --> 00:02:01,411 ‫so on the right hand side 51 00:02:01,411 --> 00:02:03,960 ‫and from the name of the policy template 52 00:02:03,960 --> 00:02:06,099 ‫usually it's pretty obvious what they do. 53 00:02:06,099 --> 00:02:07,040 ‫All right. 54 00:02:07,040 --> 00:02:07,873 ‫Well, that's it. 55 00:02:07,873 --> 00:02:08,706 ‫Thank you so much for watching. 56 00:02:08,706 --> 00:02:10,260 ‫I will see you in the next lecture.